eBPF and Falco, with Leonardo Di Donato

Kubernetes Podcast from Google

Date: Tue, 18 Feb 2020 22:50:33 +0000

<p>We dive into the Linux kernel this week with guest <a href="https://twitter.com/leodido">Leonardo Di Donato</a>, Open Source engineer at <a href="https://www.sysdig.com/">Sysdig</a>. Leonardo works full-time on the Falco project, a runtime security engine that listens to the Linux kernel using eBPF - the extended Berkeley Packet Filter. Leonardo tells <a href="https://kubernetespodcast.com/about">the hosts</a> about the architecture of eBPF, how he has used it before and now, and what’s coming up for Falco.</p> <p>Do you have something cool to share? Some questions? Let us know:</p> <ul> <li>web: <a href="https://kubernetespodcast.com">kubernetespodcast.com</a></li> <li>mail: <a href="mailto:kubernetespodcast@google.com">kubernetespodcast@google.com</a></li> <li>twitter: <a href="https://twitter.com/kubernetespod">@kubernetespod</a></li> </ul> <h3 id="chatter-of-the-week">Chatter of the week</h3> <ul> <li><a href="https://twitter.com/mrdanwalker/status/1226976395726852096">University Challenge: can you guess the computer?</a></li> <li>Golf Peaks (<a href="https://play.google.com/store/apps/details?id=com.Afterburn.GolfPeaks&amp;hl=en_US">Google Play</a>, <a href="https://apps.apple.com/us/app/golf-peaks/id1419542293">App Store</a>) <ul> <li><a href="https://en.wikipedia.org/wiki/Desert_Golfing">Desert Golfing</a></li> </ul> </li> </ul> <h3 id="news-of-the-week">News of the week</h3> <ul> <li><a href="https://jaxenter.com/apache-flink-1-10-released-168220.html">Apache Flink v1.10</a></li> <li><a href="https://linkerd.io/2020/02/10/announcing-linkerd-2.7/">Linkerd v2.7</a></li> <li><a href="https://azure.microsoft.com/en-us/updates/update-servers-and-applications-to-tls-1-2-for-secure-communication-with-azure-container-registry-by-jan-3-2020/"> Azure Container Registry to require TLS 1.2</a></li> <li><a href="https://medium.com/omio-engineering/cpu-limits-and-aggressive-throttling-in-kubernetes-c5b20bd8a718"> CPU limits and aggressive throttling in Kubernetes - 
Omio Engineering</a> by Fayiz Musthafa from Omio</li> <li><a href="https://github.com/kiosk-sh/kiosk">Kiosk</a> <ul> <li><a href="https://www.reddit.com/r/kubernetes/comments/f29qug/kiosk_multitenancy_extension_for_kubernetes_now/"> Reddit thread with Lukas Gentele</a></li> </ul> </li> <li><a href="https://www.docker.com/blog/docker-donates-cnab-to-oci-library/">Docker donates the cnab-to-oci library to cnab.io</a></li> <li><a href="https://www.cncf.io/blog/2020/02/14/how-to-guide-debugging-a-kubernetes-application/"> How-to Guide: Debugging a Kubernetes Application</a></li> <li><a href="https://www.nutanix.com/blog/introducing-nutanix-karbon-2-kubernetes-simplicity-upgraded"> Nutanix Karbon 2.0</a></li> <li><a href="https://www.cncf.io/blog/2020/02/11/childcare-its-good-for-everyone/"> Childcare</a> and <a href="https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/attend/novel-coronavirus-update/"> COVID-19</a> at KubeCon EU <ul> <li>That discount code again again: <strong><a href="https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/register/"> KCEUGKP15</a></strong></li> </ul> </li> <li><a href="https://www.ibm.com/blogs/systems/red-hat-openshift-now-available-ibm-z-linuxone/"> Red Hat OpenShift is now available for IBM Z and LinuxONE</a></li> <li><a href="https://neonmirrors.net/post/2020-01/why-k8s-on-vms/">Why Kubernetes on VMs?</a> by Chip Zoller</li> <li><a href="https://blog.doit-intl.com/securely-access-aws-from-gke-dba1c6dbccba"> Securely Access AWS Services from Google Kubernetes Engine (GKE)</a></li> <li><a href="https://venturebeat.com/2020/02/11/carbon-relay-raises-63-million-to-automate-kubernetes-app-deployment/"> Carbon Relay raises $63 million</a></li> </ul> <h3 id="links-from-the-interview">Links from the interview</h3> <ul> <li>Traditional Linux tracing tools: <a href="https://en.wikipedia.org/wiki/Perf_(Linux)">perf</a> and <a href="https://en.wikipedia.org/wiki/Strace">strace</a></li> <li><a 
href="https://en.wikipedia.org/wiki/Berkeley_Packet_Filter">BPF and eBPF</a> <ul> <li><a href="https://dl.acm.org/doi/10.5555/1267303.1267305">BPF paper by Steven McCanne and Van Jacobson</a></li> <li><a href="https://lwn.net/Articles/740157/">eBPF: Alexei Starovoitov added the ’e’</a></li> <li><a href="https://en.wikipedia.org/wiki/Express_Data_Path">Express Data Path (XDP)</a></li> </ul> </li> <li><a href="https://github.com/iovisor/bpftrace">bpftrace</a></li> <li><a href="https://www.influxdata.com/products/influxdb-cloud/">InfluxDB Cloud</a></li> <li><a href="https://github.com/iovisor/kubectl-trace">kubectl-trace</a></li> <li>The <a href="https://www.influxdata.com/products/influxdb-cloud/">IO Visor project</a></li> <li><a href="https://sysdig.com/">Sysdig</a> <ul> <li><a href="https://twitter.com/lorisdegio">Loris Degioanni</a>, co-founder, CTO, and author of <a href="https://en.wikipedia.org/wiki/Wireshark">Wireshark</a></li> </ul> </li> <li><a href="https://falco.org">Falco</a> <ul> <li><a href="https://sysdig.com/blog/sysdig-and-falco-now-powered-by-ebpf/">Sysdig and Falco now powered by eBPF</a></li> <li><a href="https://sysdig.com/blog/falco-cncf-sandbox/">Falco joins CNCF Sandbox</a> and <a href="https://www.cncf.io/blog/2020/01/08/toc-votes-to-move-falco-into-cncf-incubator/"> moves to incubation</a></li> </ul> </li> <li>Upcoming KubeCon EU talks by Leonardo: <ul> <li><a href="https://kccnceu20.sched.com/event/ZenU/going-beyond-cicd-with-prow-leonardo-di-donato-sysdig"> Going beyond CI/CD with Prow</a></li> <li><a href="https://kccnceu20.sched.com/event/Zexb/designing-a-grpc-interface-for-kernel-tracing-with-ebpf-leonardo-di-donato-sysdig"> Designing a gRPC interface for kernel tracing with eBPF</a></li> </ul> </li> <li>Falco community: <ul> <li><a href="https://github.com/falcosecurity/falco">GitHub</a></li> <li><a href="https://falco.org/docs">Docs</a></li> <li><a href="https://lists.cncf.io/g/cncf-falco-dev">Mailing list</a></li> <li><a 
href="https://github.com/falcosecurity/community">Notes about community calls</a></li> <li><a href="https://www.youtube.com/channel/UCd7LDOK1nN5jIULHk-LJJtA">Community call recordings</a></li> <li><a href="https://slack.sysdig.com">Slack</a></li> </ul> </li> <li><a href="https://twitter.com/leodido">Leonardo Di Donato</a> on Twitter</li> </ul>